Enterprise Legal

Data Processing Agreement

Last updated: May 14, 2026

Back to Legal Center

Public summary

This page summarizes FaceofMind's approach to Data Processing Agreements for eligible business, clinic, and enterprise customers. It is not itself the executed contract. A signed DPA may be made available where the service relationship and applicable privacy laws require it.

When a DPA is typically used

A DPA may apply when FaceofMind processes personal data on behalf of a customer, such as a clinic, healthcare group, employer program, or enterprise customer using FaceofMind services for internal or customer-facing workflows.

What the agreement is expected to cover

  • Roles and responsibilities when FaceofMind acts as a processor or subprocessor for eligible customers.
  • Instructions for processing, confidentiality obligations, and access controls for authorized personnel.
  • Security measures, incident response cooperation, and deletion or return of covered data at the end of service.
  • Subprocessor and cross-border transfer handling aligned with the customer relationship and applicable law.

Security and transfers

FaceofMind maintains a broader privacy and security program described in the Privacy Policy, Security, and Trust Center. Where data transfers or subprocessors are relevant to a customer relationship, those details should be addressed in procurement and contracting before onboarding regulated workflows.

How to request a DPA

To request a DPA for an active or planned business relationship, email legal@faceofmind.com with your organization name, intended use case, and any required procurement or regulatory context.